Add-CACrlDistributionPoint
Add-CACrlDistributionPoint
Adds a certificate revocation list (CRL) distribution point uniform resource indicator (URI) where AD CS publishes certification revocations.
구문
Parameter Set: Default
Add-CACrlDistributionPoint [-Uri] <String> [-AddToCertificateCdp] [-AddToCrlCdp] [-AddToCrlIdp] [-AddToFreshestCrl] [-Force] [-PublishDeltaToServer] [-PublishToServer] [ <CommonParameters>]
자세한 설명
The Add-CACRLDistributionPoint cmdlet adds a certificate revocation list (CRL) distribution point URI where the CA publishes certification revocations.
You can add certificate revocation list (CRL) distribution points in issued certificates by using this powershell cmdlet. However, adding the URL for a CRL distribution point only affects newly issued certificates. Previously issued certificates will continue to reference the original location.
To indicate that you want to use a URL as a CRL distribution point, use the switch PublishCRL.
To indicate that you want to use a URL as a delta CRL distribution point, use the switch PublishDeltaCRL.
To indicate that you want to publish this location in CRLs to point clients to a delta CRL, use the switch IncludeDeltaCRLs.
CRL uniform resource locators can be HTTP or LDAP paths. You can use the following variables depending upon the switch when specifying the address of the CRL.
<CAName>, which is replaced by the name of the targeted CA.
<CAObjectClass>, which is replaced by object class identifier for a CA, used when publishing to an LDAP URL.
<CATruncatedName>, which is replaced by sanitized name of the CA, truncated to 32 characters with a hash at the end.
<CDPObjectClass>, which is replaced by the object class identifier for CRL distribution points, used when publishing to an LDAP URL.
<CertificateName>, which is replaced by the renewal extension of the CA.
<ConfigurationContainer>, which is replaced by the location of the Configuration container in Active Directory Domain Services (AD DS) location.
<CRLNameSuffix>, which is replaced by inserts a name suffix at the end of the file name when publishing a CRL to a file or URL.
<DeltaCRLAllowed>, which is replaced by the CRLNameSuffix variable with a separate suffix to distinguish the delta CRL from the CRL; used when a delta CRL is published.
<ServerDNSName>, which is replaced by the DNS name of the CA server.
<ServerShortName>, which is replaced by the NetBIOS name of the CA server.
매개 변수
-AddToCertificateCdp
Include in the CDP extension of issued certificates. This parameter is available for use with LDAP, HTTP, UNC, and File paths.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-AddToCrlCdp
Include in the certificate revocation list (CRL). This parameter is available for use with LDAP paths.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-AddToCrlIdp
Include in the IDP extension of issued certificates. This parameter is available for use with LDAP and HTTP paths.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-AddToFreshestCrl
Include in the most recent (freshest) certificate revocation list (CRL). This parameter is available for use with LDAP, HTTP, UNC, and file paths.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-Force
사용자 확인을 요구하지 않고 명령을 실행합니다.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
false |
와일드카드 문자 허용 여부 |
false |
-PublishDeltaToServer
Publish the delta certificate revocation list (CRL). This parameter is available for use with LDAP, UNC, local, and file paths.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-PublishToServer
Publish the certificate revocation list (CRL) to the specified server. This parameter is available for use with LDAP, local, UNC, and file paths.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-Uri<String>
Specifies the uniform resource identifier (URI) for the distribution point location of the certificate revocation list (CRL). This is the location from where status information about certificate revocation will be retrieved and the location the CRL will be published.
별칭 |
없음 |
필수 여부 |
true |
위치 |
2 |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByValue, ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
<CommonParameters>
이 cmdlet은 일반 매개 변수 -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer 및 -OutVariable을 지원합니다. 자세한 내용은 다음을 참조하세요. about_CommonParameters(https://go.microsoft.com/fwlink/p/?LinkID=113216).
입력
입력 유형은 cmdlet에 파이프할 수 있는 개체의 유형입니다.
- System.String
출력
출력 유형은 cmdlet이 내보내는 개체의 유형입니다.
Microsoft.CertificateServices.Administration.Commands.CA.CrlDistributionPointResult
The output object type has a single property named Restart of Boolean type. If Restart equals True, then the CA must be restarted.
예제
-------------------------- EXAMPLE 1 --------------------------
Description
-----------
Adds a certificate revocation list (CRL) distribution point for the URI of http://ca1.corp.contoso.com/pki/\<CAName>.crl and sets the CRL URI to be included in issued certificates.
C:\PS>Add-CACRLDistributionPoint -Uri http://ca1.corp.contoso.com/pki/<CAName>.crl -AddToCertificateCdp